Required privileges

Create a VMware user account and one or more VMware roles with a set or all of the privileges listed below. Base the roles’ creation on the specific level of granularly required over the user’s permissions to request the various Citrix Virtual Apps and Desktops operations at any time. To grant the user specific permissions at any point, associate them with the respective role, at the DataCenter level at a minimum.

The following tables show the mappings between Citrix Virtual Apps and Desktops operations and the minimum required VMware privileges.

If you want the VMs you create to be tagged, add the following permissions for the user account.

To ensure that you use a clean base image for creating new VMs, tag VMs created with Machine Creation Services to exclude them from the list of VMs available to use as base images.

SDK

User interface

Global.ManageCustomFields

Global > Manage custom attributes

Global.SetCustomField

Global > Set custom attribute

Provision machines (Citrix Provisioning)

All privileges from Provision machines (Machine Creation Services) and the following.

SDK

User interface

VirtualMachine.Config.AddRemoveDevice

Virtual machine > Configuration > Add or remove device

VirtualMachine.Config.CPUCount

Virtual machine > Configuration > Change CPU Count

VirtualMachine.Config.Memory

Virtual machine > Configuration > Memory

VirtualMachine.Config.Settings

Virtual machine > Configuration > Settings

VirtualMachine.Provisioning.CloneTemplate

Virtual machine > Provisioning > Clone template

VirtualMachine.Provisioning.DeployTemplate

Virtual machine > Provisioning > Deploy template

Power management

SDK

User interface

VirtualMachine.Interact.PowerOff

Virtual machine > Interaction > Power Off

VirtualMachine.Interact.PowerOn

Virtual machine > Interaction > Power On

VirtualMachine.Interact.Reset

Virtual machine > Interaction > Reset

VirtualMachine.Interact.Suspend

Virtual machine > Interaction > Suspend

Image update and rollback

SDK

User interface

Datastore.AllocateSpace

Datastore > Allocate space

Datastore.Browse

Datastore > Browse datastore

Datastore.FileManagement

Datastore > Low level file operations

Network.Assign

Network > Assign network

Resource.AssignVMToPool

Resource > Assign virtual machine to resource pool

VirtualMachine.Config.AddExistingDisk

Virtual machine > Configuration > Add existing disk

VirtualMachine.Config.AddNewDisk

Virtual machine > Configuration > Add new disk

VirtualMachine.Config.AdvancedConfig

Virtual machine > Configuration > Advanced

VirtualMachine.Config.RemoveDisk

Virtual machine > Configuration > Remove disk

VirtualMachine.Interact.PowerOff

Virtual machine > Interaction > Power Off

VirtualMachine.Interact.PowerOn

Virtual machine > Interaction > Power On

VirtualMachine.Interact.Reset

Virtual machine > Interaction > Reset

VirtualMachine.Inventory.CreateFromExisting

Virtual machine > Inventory > Create from existing

VirtualMachine.Inventory.Create

Virtual machine > Inventory > Create new

VirtualMachine.Inventory.Delete

Virtual machine > Inventory > Remove

VirtualMachine.Provisioning.Clone

Virtual machine > Provisioning > Clone virtual machine

Delete provisioned machines

SDK

User interface

Datastore.Browse

Datastore > Browse datastore

Datastore.FileManagement

Datastore > Low level file operations

VirtualMachine.Config.RemoveDisk

Virtual machine > Configuration > Remove disk

VirtualMachine.Interact.PowerOff

Virtual machine > Interaction > Power Off

VirtualMachine.Inventory.Delete

Virtual machine > Inventory > Remove

Create AppDisks

Valid for VMware vSphere minimum version 5.5 and XenApp and XenDesktop minimum version 7.8.

SDK

User interface

Datastore.AllocateSpace

Datastore > Allocate space

Datastore.Browse

Datastore > Browse datastore

Datastore.FileManagement

Datastore > Low level file operations

VirtualMachine.Config.AddExistingDisk

Virtual machine > Configuration > Add existing disk

VirtualMachine.Config.AddNewDisk

Virtual machine > Configuration > Add new disk

VirtualMachine.Config.AdvancedConfig

Virtual machine > Configuration > Advanced

VirtualMachine.Config.EditDevice

Virtual machine > Configuration > Modify Device Settings

VirtualMachine.Config.RemoveDisk

Virtual machine > Configuration > Remove disk

VirtualMachine.Interact.PowerOff

Virtual machine > Interaction > Power Off

VirtualMachine.Interact.PowerOn

Virtual machine > Interaction > Power On

Delete AppDisks

Valid for VMware vSphere minimum version 5.5 and XenApp and XenDesktop minimum version 7.8.

SDK

User interface

Datastore.Browse

Datastore > Browse datastore

Datastore.FileManagement

Datastore > Low level file operations

VirtualMachine.Config.RemoveDisk

Virtual machine > Configuration > Remove disk

VirtualMachine.Interact.PowerOff

Virtual machine > Interaction > Power Off

Obtain and import a certificate

To protect vSphere communications, Citrix recommends that you use HTTPS rather than HTTP. HTTPS requires digital certificates. Citrix recommends you use a digital certificate issued from a certificate authority in accordance with your organization’s security policy.

If you are unable to use a digital certificate issued from a certificate authority, and your organization’s security policy permits it, you can use the VMware-installed self-signed certificate. Add the VMware vCenter certificate to each Cloud Connector.

Add the fully qualified domain name (FQDN) of the computer running vCenter Server to the hosts file on that server, located at %SystemRoot%/WINDOWS/system32/Drivers/etc/. This step is required only if the FQDN of the computer running vCenter Server is not already present in the domain name system.

Obtain the vCenter certificate using any of the following three methods:

From the vCenter server.

Copy the file rui.crt from the vCenter server to a location accessible on your Cloud Connectors.

On the Cloud Connector, navigate to the location of the exported certificate and open the rui.crt file.

Download the certificate using a web browser. If you are using Internet Explorer, depending on your user account, you may need to right-click on Internet Explorer and choose Run as Administrator to download or install the certificate.

Import the certificate into the certificate store on each Cloud Connector.

Click Install certificate, select Local Machine, and then click Next.

Select Place all certificates in the following store, and then click Browse. Select Trusted People and then click OK. Click Next and then click Finish.

If you change the name of the vSphere server after installation, you must generate a new self-signed certificate on that server before importing the new certificate.

Configuration considerations

Create a master VM:

Use a master VM to provide user desktops and applications in a machine catalog. On your hypervisor:

Install a VDA on the master VM, selecting the option to optimize the desktop, which improves performance.

Take a snapshot of the master VM to use as a back-up.

Create a connection:

In the connection creation wizard:

Select the VMware connection type.

Specify the address of the access point for the vCenter SDK.

Specify the credentials for a VMware user account you set up earlier that has permissions to create new VMs. Specify the username in the form domain/username.

VMware SSL thumbprint

The VMware SSL thumbprint feature addresses a frequently-reported error when creating a host connection to a VMware vSphere hypervisor. Previously, administrators had to manually create a trust relationship between the Delivery Controllers in the Site and the hypervisor’s certificate before creating a connection. The VMware SSL thumbprint feature removes that manual requirement: the untrusted certificate’s thumbprint is stored on the Site database so that the hypervisor can be continuously identified as trusted by Citrix Virtual Apps and Desktops, even if not by the Controllers.

When creating a vSphere host connection in Studio, a dialog box allows you to view the certificate of the machine you are connecting to. You can then choose whether to trust it.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.